CVE-2024-25111

CVSS V2 None CVSS V3 None

Description

Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.

Overview

CVE ID
CVE-2024-25111

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2024-03-06T18:14:28.889Z

Last Modified Date
2024-03-06T18:14:28.889Z

Weakness Enumerations

CWE	URL
CWE-674	http://cwe.mitre.org/data/definitions/674.html

References

Reference URL	Reference Tags
https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc	x_refsource_CONFIRM
http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/
https://security.netapp.com/advisory/ntap-20240605-0001/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-25111
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25111

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 13:01:47				Added to TrackCVE